Communication control system, communication control apparatus, and communication control method

ABSTRACT

A communication control system includes an attendance confirmation accepting unit that accepts confirmation of attendance according to an operation of an attendee to an information processing apparatus located at a conference room, a random number processor that generates a random number in case of accepting the confirmation of attendance and stores connection authentication information based on the random number in a memory, the connection authentication information being used for authenticating exchange of information with a terminal operated by the attendee at the conference, a print controller that transfers an output command for printing an image having the generated random number to an image forming apparatus, and a wireless connection controller that receives authentication information input by the terminal based on the random number via wireless communication at the conference room and authenticates the exchange of information with the terminal based on the connection authentication information stored in the memory.

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent application is based on and claims priority pursuant to 35U.S.C. §119(a) to Japanese Patent Application Nos. 2015-056715, filed onMar. 19, 2015 and 2016-017401, filed on Feb. 1, 2016 in the Japan PatentOffice, the entire disclosures of which are hereby incorporated byreference herein.

BACKGROUND

1. Technical Field

The present invention relates to a communication control system, acommunication control apparatus, and a communication control method.

2. Background Art

Recently, information can be exchanged within limited areas usingclose-range wireless communication technologies such as WirelessFidelity (Wi-Fi) and Near Field Communication (NFC). In thosetechnologies, various methods that can allow to exchange informationamong limited terminals only have been proposed. For example, atechnology that forms a network in which information can be exchangedamong terminals to which a same keyword is input has been proposed.

SUMMARY

Embodiments of the present invention provide a novel communicationcontrol system that includes an attendance confirmation accepting unitthat accepts confirmation of attendance according to an operation of anattendee to an information processing apparatus located at a conferenceroom, a random number processor that generates a random number in caseof accepting the confirmation of attendance and stores connectionauthentication information based on the random number in a storagemedium, the connection authentication information being used forauthenticating exchange of information with a terminal operated by theattendee at the conference, a print controller that transfers an outputcommand for printing an image having the generated random number to animage forming apparatus, and a wireless connection controller thatreceives authentication information input by the terminal based on therandom number via wireless communication at the conference room andauthenticates the exchange of information with the terminal based on theconnection authentication information stored in the storage medium.

Further embodiments of the present invention provide a communicationcontrol apparatus and a communication control method.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete appreciation of the disclosure and many of the attendantadvantages thereof will be readily obtained as the same becomes betterunderstood by reference to the following detailed description whenconsidered in conjunction with the accompanying drawings.

FIG. 1 is a diagram illustrating a system as an embodiment of thepresent invention.

FIG. 2 is a block diagram illustrating a hardware configuration of aninformation processing apparatus as an embodiment of the presentinvention.

FIG. 3 is a sequence diagram illustrating an operation of the wholesystem as an embodiment of the present invention.

FIG. 4 is a diagram illustrating information included in a request toregister attendance as an embodiment of the present invention.

FIG. 5 is a diagram illustrating information on accepting a request forattendance as an embodiment of the present invention.

FIG. 6 is a diagram illustrating a graphic user interface (GUI) of ascreen for confirming attendance at a conference as an embodiment of thepresent invention.

FIG. 7 is a diagram illustrating a random table as an embodiment of thepresent invention.

FIG. 8 is a diagram illustrating information on connectionauthentication as an embodiment of the present invention.

FIG. 9 is a diagram illustrating another information on accepting arequest for attendance as an embodiment of the present invention.

FIG. 10 is a diagram illustrating a GUI of a screen for inputtinginformation on connection authentication as an embodiment of the presentinvention.

FIG. 11 is a block diagram illustrating a functional configuration of aconference system server as an embodiment of the present invention.

FIG. 12 is a diagram illustrating functional blocks in a user terminalas an embodiment of the present invention.

FIG. 13 is a flowchart illustrating an operation of confirmingattendance as an embodiment of the present invention.

FIG. 14 is a flowchart illustrating an operation of authenticatingconnection as an embodiment of the present invention.

FIG. 15 is a diagram illustrating information on allowing connection asan embodiment of the present invention.

FIG. 16 is a diagram illustrating information on accepting a request forattendance as an embodiment of the present invention.

FIG. 17 is a flowchart illustrating another operation of confirmingattendance as an embodiment of the present invention.

FIG. 18 is a flowchart illustrating yet another operation of confirmingattendance as an embodiment of the present invention.

FIG. 19 is a flowchart illustrating an operation of authenticatingconnection as an embodiment of the present invention.

FIG. 20 is a diagram illustrating a screen for authenticating connectionas an embodiment of the present invention.

FIG. 21 is a diagram illustrating another information on allowingconnection as an embodiment of the present invention.

FIG. 22 is a diagram illustrating a screen for reporting that connectionis allowed as an embodiment of the present invention.

FIG. 23 is a diagram illustrating another system as an embodiment of thepresent invention.

FIG. 24 is a diagram illustrating a system as another embodiment of thepresent invention.

FIG. 25 is a sequence diagram illustrating an operation of the wholesystem as the other embodiment of the present invention.

FIG. 26 is a diagram illustrating information included in a request toregister a conference as the other embodiment of the present invention.

FIG. 27 is a diagram illustrating information on connectionauthentication as the other embodiment of the present invention.

FIG. 28 is a diagram illustrating another information on connectionauthentication as the other embodiment of the present invention.

FIG. 29 is a diagram illustrating a GUI of a screen for inputtinginformation on connection authentication as the other embodiment of thepresent invention.

FIG. 30 is a diagram illustrating information on connectionauthentication as the other embodiment of the present invention.

FIG. 31 is a block diagram illustrating a functional configuration of aconference system server as the other embodiment of the presentinvention.

FIG. 32 is a flowchart illustrating an operation of registering aconference as the other embodiment of the present invention.

DETAILED DESCRIPTION

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the presentinvention. As used herein, the singular forms “a”, “an” and “the” areintended to include the plural forms as well, unless the context clearlyindicates otherwise. It will be further understood that the terms“includes” and/or “including”, when used in this specification, specifythe presence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

In the known technology, it is possible to establish a network onlyavailable among intended terminals easily. However, the network is stilla simple one, and the network is not compatible with advancedinformation security. In communication such as wireless communicationthat a physical connection is not required, it is possible thatundesirable users might be allowed to connect due to a leak of a keywordetc. described before.

As an example of the wireless communication network, a network fordistributing materials to attendees at a conference room with multipleattendees can be considered. Especially, in highly confidentialconferences, since advanced security is required in distributingmaterials, it is required to reject unauthorized accesses by spoofing.

To cope with this issue, it is possible to prevent unauthorized accessesby spoofing using advanced user authentication together. However, it isrequired to use and control devices compatible with the advanced userauthentication to implement that scheme. Especially, if the advanceduser authentication such as fingerprint authentication is adopted to theuser terminal, it could be a problem that only limited users can usethat terminal.

In the embodiment described below, a communication control system in aconference room that can achieve advanced security in exchanginginformation using wireless communication with a simple configuration isprovided.

Embodiment 1

In this embodiment, a conference system that can manage attendance at aconference and distribute materials to attendees in a conference room isdescribed as an example. In those systems, it is possible to maintainadvanced information security in this embodiment.

FIG. 1 is a diagram illustrating a conference system in this embodiment.As shown in FIG. 1, the conference system in this embodiment includes aconference system server 1, an attendance management terminal 2, animage forming apparatus 3, and an access point 4. A user utilizes theconference system by using a user terminal 5.

In FIG. 1, a configuration surrounded by broken lines A is contained ina conference room. A system server 1, an attendance management terminal2, an image forming apparatus 3, and an access point 4 contained in theconference room are connected with each other via a network such asintranet established within a limited area.

A user registers himself/herself preliminarily using the user terminal 5via a network channel such as the Internet. Subsequently, after arrivingat the conference room, the user connects the user terminal 5 to thesystem via the access point 4 to receive the conference material. Inthis embodiment, it is possible to enhance security in the networkconnection via the access point 4.

The conference system server 1 is a server that provides variousfunctions of the conference system in this embodiment. One of thefunctions is to distribute the conference materials. That is, theconference system server 1 functions as a material distributionapparatus. In addition, the conference system server 1 in thisembodiment provides a function that controls accesses from/to a terminalthat establishes wireless connection with the access point 4. That is,the system in this embodiment also functions as a communication controlsystem, and the conference system server 1 functions as a communicationcontrol apparatus. Those functions are described in detail later.

The attendance management terminal 2 is an information processingterminal that registers attendance at the conference by inputtingauthentication information at the conference room by user operation. Forexample, the attendance management terminal 2 can be implemented byusing a generic information processing terminal such as a personalcomputer (PC) etc.

The image forming apparatus 3 prints out a random table used by the userwho registered his/her attendance at the conference on the attendancemanagement terminal 2 required for receiving distribution of theconference materials by accessing the system using the user terminal 5.The conference system server 1 inputs a print job as an output commandto instruct the image forming apparatus 3 to print out the random table.The access point 4 is a wireless communication apparatus that provideswireless communication connection to the user terminal 5. For example,the access point 4 is implemented by using a wireless LAN router.

The user terminal 5 is an information processing terminal held by thesystem user, and the user terminal 5 is implemented by using portableinformation processing apparatuses such as a notebook PC, a tabletdevice, and a smartphone etc. As shown in FIG. 1, after accessing thesystem via the network such as the Internet etc., the attendance at theconference is registered using the user terminal 5 by user operation.

Subsequently, after arriving at the conference room, the user connectsthe user terminal 5 to the system via the access point 4 to receive theconference material. In this embodiment, it is possible to enhance theinformation security during the session described above.

In FIG. 1, the attendance management terminal 2 and the image formingapparatus 3 are implemented as separate apparatuses. However, that isjust an example, and it is possible that the image forming apparatus 3includes the functions of the attendance management terminal 2.Likewise, it is described that the conference system server 1 and theaccess point 4 are different apparatuses. However, it is possible thatthe conference system server 1 includes the functions of the accesspoint 4.

Next, a hardware configuration of information processing apparatusessuch as the conference system server 1, the attendance managementterminal 2, the image forming apparatus 3, and the user terminal 5 etc.in this embodiment is described below with reference to FIG. 2. As shownin FIG. 2, the information processing apparatus in this embodimentincludes the same configuration as a general server or PC etc.

That is, in the information processing apparatus in this embodiment, aCentral Processing Unit (CPU) 10, a Random Access Memory (RAM) 20, aRead Only Memory (ROM) 30, a hard disk drive (HDD) 40, and an interface(I/F) 50 are connected with each other via a bus 80. In addition, aLiquid Crystal Display (LCD) 60 and an operational unit 70 are connectedto the I/F 50.

The CPU 10 is a processor and controls the whole operation of theinformation processing apparatus. The RAM 20 is a volatile storagedevice that can read/write information at high speed and is used as awork area when the CPU 10 processes information. The ROM 30 is aread-only non-volatile storage medium and stores programs such asfirmware. The HDD 40 is a non-volatile storage medium that canread/write information and stores the OS, various control programs, andapplication programs etc.

The I/F 50 connects the bus 80 with various hardware and network etc.and controls them. The LCD 60 is a visual user interface for displayingvarious information. The operational unit 70 is a user interface such asa keyboard, mouse, touch panel, and various hardware buttons etc. toinput information to the information processing apparatus by useroperation. In case of the image forming apparatus 3, an engine forprinting out is also included in addition to the configuration shown inFIG. 2.

In this hardware configuration described above, a software controllingunit is constructed by executing operation by the CPU 10 in accordancewith programs stored in the ROM 30 and programs loaded from storagedevices such as HDD 40, and optical discs (not shown in figures) intothe RAM 20. Functional blocks that implement capabilities of theconference system server 1, the attendance management server 2, theimage forming apparatus 3, and the user terminal 5 of this embodimentare constructed by a combination of the software controlling unitsdescribed above and hardware.

Here, an operation of the whole conference system in this embodiment isdescribed below with reference to a sequence diagram in FIG. 3. As shownin FIG. 3, first, the user terminal 5 held by a user who attends theconference requests the conference system server 1 to registerattendance by user operation in S301. In this case, the user terminal 5is connected to the conference system server 1 from the outside of thesystem via the network such as the Internet etc.

In S301, as shown in FIG. 4, the user terminal 5 transfers informationincluding “a conference ID”, “a user ID”, and “a password” to theconference system server 1. The conference ID is an identifier thatidentifies a conference at which the user claims to attend. The user IDis an identifier that identifies a user who claims to attend. Thepassword is identification information for authenticating the user whoclaims to attend.

After accepting the request to register the attendance, the conferencesystem server 1 accepts information shown in FIG. 4, stores theinformation in a database, and responds to the user terminal 5 as therequest origin in S302. In S302, the conference system server 1 storesinformation on accepting the request for attendance as shown in FIG. 5.In addition, the user terminal 5 displays a screen indicating that therequest to register the attendance.

On the day of the conference, user attendance is confirmed using theattendance management terminal 2 set up at the conference room by useroperation. FIG. 6 is a diagram illustrating a GUI of a screen forconfirming attendance at the conference displayed on the attendancemanagement terminal 2 in this embodiment. As shown in FIG. 6, inconfirming his/her attendance at the conference, the user selects “aconference ID” identifying the conference at which the user attends andinputs “a user ID” identifying the user himself/herself and “a password”authenticating the user himself/herself.

After the user operation on the screen in FIG. 6, the attendancemanagement terminal 2 accepts the user attendance in S303. Theattendance management terminal 2 transfers the information input on thescreen in FIG. 6 to the conference system server 1 and requests toconfirm whether or not the user is registered for the attendance inS304.

After accepting the request to confirm the registration, with referenceto the information on accepting the request for the attendance in FIG. 5based on the information received from the attendance managementterminal 2, the conference system server 1 confirms whether or not theuser who performs the attendance operation is registered in S305. InS305, if a record that includes corresponding conference ID, user ID,and password exists, the conference system server 1 determines that theuser is registered and authorized.

After confirming the registration of attendance, the conference systemserver 1 generates a random table as authentication information used bythe conference attendee to connect to the network at the conference roomand receive the distributed conference materials and informationspecifying a cell used for the authentication information in the randomtable and stores the generated random table in the storage medium inS306.

FIG. 7 is a diagram illustrating the random table in this embodiment. Asshown in FIG. 7, the random table in this embodiment is matrix forminformation that consists of 50 cells in total including 10 cells “A” to“J” in the horizontal direction and 5 cells “1” to “5” in the verticaldirection. Each of those cells includes character information generatedrandomly as random numbers. Various known algorithms can be used forgenerating the random numbers.

If the user terminal 5 connects to the conference system via the accesspoint 4, in addition to the user ID and the password in FIG. 5, thecharacter in the specified cell in the random table in FIG. 7 is used asthe authentication information. Therefore, the conference system server1 generates and stores information shown in FIG. 8 in S306. It ispossible to store the information shown in FIG. 8 separately. Otherwise,it is also possible to store the information on accepting request forattendance in FIG. 5 in addition to information specifying a cell suchas “A-4” (hereinafter referred to as “cell specifying information”). Itshould be noted that the number of cell specifying information is threein FIG. 8. However, that is just an example, and the number of cellspecifying information can be equal to or less than two or can be equalto or more than four.

It should also be noted that the conference system server 1 in thisembodiment stores all information of the random table shown in FIG. 7.However, only the characters specified by the cell specifyinginformation in FIG. 8 are referred when the user terminal 5 connects tothe network of the conference system. As a result, it is possible thatthe conference system server 1 does not store all information of therandom table but stores characters specified by the cell specifyinginformation only as the authentication information.

After generating and storing the information shown in FIG. 8, theconference system server 1 reports to the attendance management terminal2 that the user is confirmed as the registered attendee to respond thatthe registration is confirmed in S307. In S307, the conference systemserver 1 transfers image information for displaying the random table inFIG. 7 and the cell specifying information in FIG. 8 to the attendancemanagement terminal 2.

After receiving the response of confirming registration, the attendancemanagement terminal 2 displays the cell specifying information receivedfrom the conference system server 1 on the display in S308. As a result,the user as the attendee can recognize which cell in the random table isused as the authentication information.

In addition, based on the image information received from the conferencesystem server 1, the attendance management terminal 2 transfers a printjob for printing out the random table to the image forming apparatus 3in S309. That is, a module that generates the print job in theattendance management terminal 2 functions as a print controller. As aresult, the random table is printed out by the image forming apparatus 3and passed to the user. Accordingly, the user acquires the random table.In FIG. 3, the attendance management terminal 2 transfers the print jobof the random table. However, it is possible that the conference systemserver 1 transfers the print job of the random table. In this case, amodule included in the conference system server 1 functions as the printcontroller.

In the description in this embodiment, the conference system server 1generates the cell specifying information, and the attendance managementterminal 2 reports the cell specifying information to the user bydisplaying the cell specifying information on the display. Other thanthat, for example, it is possible that the user selects a cell byhis/her own choice.

In this case, the conference system server 1 stores informationassociated with the cell specifying information as shown in FIG. 9 inS302. Other than that, it is possible that information of the randomtable itself is not stored but only a character extracted from therandom table using the cell specifying information is stored. Aftergenerating the random table in S306, based on the cell specifyinginformation input by user operation, the conference system server 1stores the character in the specified cell as the authenticationinformation. In this case, only the information on the random table istransferred in S307.

After acquiring the random table, the user terminal 5 is connected tothe network of the conference system using wireless communication byuser operation. As a result, the user terminal 5 establishes wirelessconnection with the access point 4 in S310. In S310, for example, incase of using Wi-Fi connection, the user terminal 5 searches for aService Set IDentifier (SSID) for identifying wireless connectionprovided by the access point 4 using its own Wi-Fi connecting functionto establish the connection.

After the user terminal 5 establishes wireless connection with theaccess point 4, the conference system server 1 detects that in S311 andrequests the user terminal 5 to provide the authentication informationfor connecting to the conference system in S312. After the user terminal5 receives the request for the authentication information, a screen forinputting connection authentication information in FIG. 10 is displayed.

As shown in FIG. 10, in the screen for inputting connectionauthentication information, in addition to entry fields for the user IDand password, entry fields for characters extracted from the randomtable using the cell specifying information are displayed. On the userterminal 5, in addition to the user ID and password, characters in thecells specified by the cell specifying information are input by useroperation. The information described above is the authenticationinformation input based on the random numbers.

After performing the confirming operation by inputting information onthe screen for inputting connection authentication information in FIG.10, the user terminal 5 transfers the input authentication informationto the conference system server 1 in S313. After receiving theauthentication information from the user terminal 5, the conferencesystem server 1 performs the authentication operation based on thestored information as shown in FIG. 8 in S314.

After performing the authentication operation and confirming that thepassword and characters for random numbers are accurate, the conferencesystem server 1 confirms that the target user terminal 5 has authorityto access the network of the conference system and responds that theconnection is allowed in S315. As a result, the user terminal 5 canaccess the network of the conference system to browse the conferencematerials and receive images that the conference system broadcasts andlive streaming of conferences shot at other sites. As described above,an operation of the whole conference system in this embodiment finishes.

As described above, in the conference system in this embodiment, inaccessing the system using wireless connection provided at theconference room, access is controlled by using the random table issuedto the conference attendees only. As a result, it is possible to preventunauthorized people who acquires the user ID and password improperlyfrom accessing the conference system by spoofing.

Next, a functional configuration of the conference system server 1 inthis embodiment is described below with reference to FIG. 11. As shownin FIG. 11, the conference system server 1 in this embodiment includes acontroller 100 and a network I/F 110. The network I/F 110 is aninterface that the conference system server 1 communicates with otherapparatuses via a network, and Ethernet is used for the network I/F 110for example.

The controller 100 combines software and hardware and functions as acontrolling unit that controls the whole conference system server 1. Asshown in FIG. 11, the controller 100 includes a communication controller101, an attendance registration accepting unit 102, a request forattendance accepting information database (DB) 103, an attendanceconfirmation accepting unit 104, a random number processor 105, aconnection authentication information DB 106, and a wireless connectioncontroller 107.

The communication controller 101 controls exchanging information withapparatuses outside by the controller 100 via the network I/F 110. Theattendance registration accepting unit 102 accepts the request toregister attendance in S301 in FIG. 3 and registers the information inFIG. 5. The request for attendance accepting information DB 103 storesand manages the information on accepting the request for attendance inFIG. 5.

The attendance confirmation accepting unit 104 accepts the request toconfirm registration in S304 in FIG. 3, confirms attendee's registrationin S305, and responds that the registration is confirmed in S307. InS305, the attendance confirmation accepting unit 104 refers to theinformation in FIG. 5 stored in the request for attendance acceptinginformation DB 103 and confirms whether or not the attendance isregistered by checking the information input on the screen forconfirming attendance at the conference in FIG. 6.

In addition, in S307, the attendance confirmation accepting unit 104controls transferring the random table and the cell specifyinginformation generated as shown in FIG. 7 to the user terminal 5. Thatis, in S307, the attendance confirmation accepting unit 104 functions asa random number output unit. The random number processor 105 generatesthe random table in FIG. 7 and the information in FIG. 8 in S306 in FIG.3 and registers the generated information in the connectionauthentication information DB 106.

Under control of the random number processor 105, the connectionauthentication information DB 106 stores and manages the random table inFIG. 7 and the information in FIG. 8. The wireless connection controller107 performs an operation in steps S311 to S315 in FIG. 3. Especially,in S314, based on the information input on the screen in FIG. 10, thewireless connection controller 107 refers to the connectionauthentication information DB 106 and determines whether or not thepassword and characters selected from the random numbers correspond.

Next, a functional configuration of the user terminal 5 in thisembodiment is described below with reference to FIG. 12. As shown inFIG. 4, in addition to the LCD 60 and the control panel 70 shown in FIG.2, the user terminal 5 in this embodiment includes a controller 200, anetwork I/F 210, and a close-range communication I/F 220. The controller200 includes a network controller 201, an operational controller 202, adisplay controller 203, a close-range communication controller 204, anda client application 205.

The network I/F 210 is an interface that the user terminal 5communicates with other apparatuses via a network, and an interface suchas Ethernet is used for the network I/F 210. The close-rangecommunication I/F 220 is an interface that the user terminal 5communicates with other apparatuses by close-range wirelesscommunication, and interfaces such as Bluetooth and Wi-Fi are used asthe close-range communication I/F 211.

In this embodiment, the close-range communication I/F 220 connects tothe access point 4 wirelessly, and the user terminal 5 connects to thenetwork of the conference system. On the other hand, in case ofrequesting the conference system server 1 to register attendance,communication via the network I/F 210 is performed. The network I/F 210and the close-range communication I/F 211 are implemented by the I/F 50in FIG. 2.

The controller 200 combines software and hardware. The controller 200functions as a controller that controls the whole part of the userterminal 5. The network controller 201 acquires information input viathe network I/F 210 and transfers information to other apparatuses viathe network I/F 210. The close-range communication controller 204acquires information input via the close-range communication I/F 220 andtransfers information to other apparatuses via the close-rangecommunication I/F 220.

The operation controller 202 acquires a signal of user operation on theoperational unit 70 and input the signal to a module that operates onthe user terminal 5 such as the client application 205 etc. The displaycontroller 203 displays a status of the user terminal 5 such as a GUI ofthe client application 205 on the LCD 60 as a display unit of the userterminal 5.

The client application 205 is a software module that provides variousfunctions on the user terminal 5 and consists of software programscorresponding to each function. A dedicated application for using theconference system in this embodiment is also included in the clientapplication 205. As a result, GUIs such as shown in FIGS. 6 and 10 aredisplayed using the function of the client application 205.

Next, an operation of the conference system server 1 in this embodimentis described below. First, an operation of confirming attendance insteps S305 to S307 in FIG. 3 is described below with reference to FIG.13. As shown in FIG. 13, first, the attendance confirmation acceptingunit 104 acquires a request to conform registration from the attendancemanagement terminal 2 in S1301. After receiving the request to confirmregistration, the attendance confirmation accepting unit 104 acquiresinformation input on the screen in FIG. 6 (hereinafter referred to as“attendance confirmation information”) and refers to the request forattendance accepting information DB 103 in S1302.

After referring to the information in S1302, the attendance confirmationaccepting unit 104 determines whether or not the request for attendanceaccepting information DB 103 stores a record whose content correspondsto the attendance confirmation information in S1303. If the informationwhose content corresponds to the attendance confirmation information isstored in the request for attendance accepting information DB 103 (YESin S1303), the attendance confirmation accepting unit 104 instructs therandom number processor 105 to generate the random table and the cellspecifying information in S1304.

After generating the random table and the cell specifying information inaccordance with the request from the attendance confirmation acceptingunit 104, the random number processor 105 stores the information of therandom table and information in FIG. 8 as the connection authenticationinformation in the connection authentication information DB 106 inS1305. As described above, the connection authentication information canbe not only the random table and the cell specifying information butalso character information extracted from the random table in accordancewith the cell specifying information

After the random number processor 105 registers the information in theconnection authentication information DB 106, the attendanceconfirmation accepting unit 104 transfers a response to confirmregistration including image information for displaying the random tableand the cell specifying information to the attendance managementterminal 2 in S1306, and the process ends. By contrast, if there is noinformation whose content corresponds (NO in S1303), the attendanceconfirmation accepting unit 104 reports an error to the attendancemanagement terminal 2 in S1307, and the process ends.

Next, an operation of authenticating connection in steps S311 to S315 inFIG. 3 is described below with reference to FIG. 14. As shown in FIG.14, the wireless connection controller 107 monitors whether or not theuser terminal 5 connects to the access point 4 in S1401. After detectingthat the user terminal 5 connects to the access point 4 (NO in S1401),the wireless connection controller 107 requests the user terminal 5 thatestablishes the connection to provide the authentication information inS1402. As a result, on the user terminal 5, a screen for inputtingconnection authentication information in FIG. 10 is displayed.

The wireless connection controller 107 waits until the connectionauthentication information is input on the screen in FIG. 10 is received(NO in S1403). After receiving the connection authentication information(YES in S1403), the wireless connection controller 107 refers to theconnection authentication information DB 106 based on the receivedconnection authentication information in S1404. After referring to theinformation in S1404, the wireless connection controller 107 determineswhether or not a record whose content corresponds to the informationreceived from the user terminal 5 is stored in the connectionauthentication information DB 106 in S1405.

If information whose content corresponds is stored in the connectionauthentication information DB 106 (YES in S1405), the wirelessconnection controller 107 allows the user terminal 5 whose connection isdetected in S1401 to connect to the network of the conference system andresponds that the connection is allowed in S1406. For example, as shownin FIG. 15, in S1406, the wireless connection controller 107 generatesand stores connection allowance information including MAC address foridentifying the user terminal 5.

In wireless communication connections such as Wi-Fi, a format exchangedin transmitting and receiving information includes MAC address of aterminal. Therefore, the wireless connection controller 107 monitors theexchanged information, and the wireless connection controller 107 allowsto exchange the information if MAC address included in the informationcorresponds to MAC address registered in the connection allowanceinformation as shown in FIG. 15.

As a result, it is possible to control access in the network of theconference system. As shown in FIG. 15, in addition to MAC address, itshould be noted that the connection allowance information in thisembodiment includes the user ID of the user terminal 5 allowed toconnect and information on date when the connection is allowed.

By contrast, if there is no information whose content corresponds (NO inS1405), the wireless connection controller 107 reports an error to theuser terminal 5 in S1407, and the process ends. In this case, while theuser terminal 5 establishes the wireless communication connection withthe access point 4, since the conference system server 1 does not allowthe connection, the user terminal 5 cannot connect to the network of theconference system.

As described above, in the conference system in this embodiment, inconnecting to the wireless communication provided at the conferenceroom, the connection authentication using not the user ID and passwordbut the random table is performed. In addition, since the random tableis distributed to attendees confirmed the attendance by hand, it ispossible to keep risk of leaking information low until the day of theconference. Accordingly, it is possible to prevent a cracker whoacquired the user ID and password improperly from receiving radio waveof wireless communication outside the conference room and connecting tothe network by spoofing.

Since the attendee performs the attendance confirming operation usingthe attendance management terminal 2 at the conference room, it ispossible to prevent from processing improper attendance confirmingoperation by spoofing. Therefore, it is difficult that the cracker whoacquired the user ID and password improperly also acquires the randomtable, and it is possible to enhance security. Even if the crackeracquires the random table, it is impossible to authenticate theconnection in FIG. 14 considering that the cell specifying informationis not known, and it is possible to enhance security in that regard.

Since the attendance confirming operation is associated with theoperation of allowing the network connection, it is possible to enhancesecurity furthermore using the attendance confirming operation. Aspecific case is described below.

For example, if the number of attendees is very large, it is possible tocheck respective attendees' faces visually. As a result, it is possibleto allow a cracker to confirm attendance. In this case, if an authorizedattendee and a cracker confirm their attendance using the same user IDand password, the confirmation of attendance is performed for the sameuser ID redundantly. An operation that enhances security in that case isdescribed below.

FIG. 16 is a diagram illustrating information on accepting a request forattendance in that case. As shown in FIG. 16, information on“confirmation of attendance” is associated with each record ofregistering attendance. When the record is generated, the confirmationof attendance is “not yet”. If the operation of confirming attendance inFIG. 13 is performed, the information on the confirmation of attendanceis updated to “confirmed”.

If the operation of confirming attendance is performed again on therecord whose confirmation of attendance has been updated to “confirmed”,it is determined that the confirmation of attendance as error.Simultaneously, the user terminal 5 used by attendee who has alreadyconfirmed attendance is prohibited to connect to the network. As aresult, it is possible to keep advanced security. FIG. 17 is a flowchartillustrating another operation of confirming attendance in that case. Asshown in FIG. 17, the operation is performed similarly to FIG. 13 untilS1303.

If the corresponding information is stored in the request for attendanceaccepting information DB 103 (YES in S1303), the attendance confirmationaccepting unit 104 refers to the confirmation of attendance field of therecord to check whether or not attendance has already been confirmed inS1701. If attendance has not been confirmed yet (YES in S1701), theoperation after S1304 is performed just like in FIG. 13. In this case,the attendance confirmation accepting unit 104 updates the confirmationof attendance field in the corresponding record to “confirmed”.

By contrast, if attendance has already been confirmed (NO in S1701), theattendance confirmation accepting unit 104 determines that either theuser who has already confirmed attendance or the user who is confirmingattendance currently is spoofing. In that case, the attendanceconfirmation accepting unit 104 prohibits to connect to the network inS1702.

In S1702, the attendance confirmation accepting unit 104 instructs thewireless connection controller 107 to delete the connection allowanceinformation in FIG. 15. As a result, while the user terminal 5 connectedto the network of the conference system after the attendanceconfirmation and the operation in FIG. 14, the conference system server1 prohibits the user terminal 5 to perform communication.

In some cases, the operation in FIG. 14 has not been performed yet afterthe attendance confirmation, and it is possible that the connectionallowance information in FIG. 15 has not been generated yet. Therefore,in S1702, the attendance confirmation accepting unit 104 deletes arecord that includes corresponding conference ID, user ID, and passwordfrom the connection authentication information DB 106.

As a result, even if the cracker performs the wireless communicationconnection after that, since the information is deleted from theconnection authentication information DB 106, the correspondinginformation is not extracted in S1405 in FIG. 14, and the connection isnot allowed. Accordingly, it is possible to prevent the spoofing crackerfrom connecting to the network of the conference system.

After prohibiting to connect in S1702, the attendance confirmationaccepting unit 104 reports an error in S1307. As described above, ifspoofing occurs by the cracker, it is possible to detect thatappropriately and shut down the access.

Even in the case of FIG. 17, if the spoofing cracker confirms attendanceearlier than the authorized attendee confirms attendance and connectsthe wireless communication, it is possible that the communication by thespoofing cracker is allowed until the authorized attendee confirmsattendance. To cope with that issue, after all attendees who plan toattend the conference finish confirming attendance, it is possible toallow to access the conference system using the user terminal 5 thatestablishes connection with the access point 4.

FIG. 18 is a flowchart illustrating an operation of confirmingattendance allowing to access the network of the conference system viathe access point 4 after all attendee finish confirming attendance. Asshown in FIG. 18, the operation is performed similarly to FIG. 13 insteps S1301 to S1307 and similarly to FIG. 17 in steps S1701 and S1702.

After confirming registration in S1306 and updating the confirmation ofattendance field in the corresponding record to “confirmed”, theattendance confirmation accepting unit 104 checks whether or not allconfirmation of attendance field in the corresponding record of theinformation on accepting request for attendance for the correspondingconference are updated to “confirmed” in S1801. In S1801, based on theconference ID specified in the request to confirm registration acceptedin S1301, the attendance confirmation accepting unit 104 filters theinformation on accepting request for attendance and checks whether ornot all confirmation of attendance fields for all extracted records are“confirmed”.

After the check, if there is a record whose attendance has not beenconfirmed (NO in S1801), the attendance confirmation accepting unit 104finishes the operation as is. By contrast, if it is confirmed that allattendees are attending the conference (YES in S1801), the attendanceconfirmation accepting unit 104 reports the target conference ID to thewireless connection controller 107 to report that the communication isallowed in S1802.

FIG. 19 is a flowchart illustrating an operation of authenticatingwireless connection corresponding to the case in FIG. 18. As shown inFIG. 19, the wireless connection controller 107 performs the sameoperation as in FIG. 14 in steps S1401 to S1405 and S1407. If thecorresponding information is extracted from the connectionauthentication information DB 106 in S1405, the wireless connectioncontroller 107 does not respond reporting that the connection is allowedbut performs authenticated response indicating that the wirelessconnection has been authenticated in S1901.

FIG. 20 is a diagram illustrating a screen displayed on the userterminal 5 by the response in S1901. As shown in FIG. 20, in addition tothe notification indicating that the authentication by random numberssucceeded, it is reported that the connection to the system has not beenstarted yet. In S1907, the wireless connection controller 107 generatesand stores connection allowing information including the conference IDas shown in FIG. 20 instead of the connection allowance informationshown in FIG. 15.

Next, the wireless connection controller 107 waits until thenotification by the communication allowing operation in S1802 in FIG. 18is received (NO in S1902). Subsequently, after receiving thenotification by the communication allowing operation in S1802 in FIG. 18(YES in S1902), the wireless connection controller 107 reports theconnection allowing notification to the corresponding user terminal 5 inS1903.

In S1903, the wireless connection controller 107 reports the connectionallowing notification to specified IP address including the conferenceID notified in the communication allowing operation among the storedconnection allowing information as shown in FIG. 21. FIG. 22 is adiagram illustrating a screen displayed on the user terminal 5 afterreceiving the connection allowing notification. As shown in FIG. 22, itis reported that it has become possible to access the system.

In the embodiment described above, even if the user terminal 5 whoseconnection allowing information is stored tries to access the system, itis not allowed to access the system if the response of allowingconnection in S1802 in FIG. 18 is not performed for the correspondingconference ID. As a result, it is possible to restrict the access to theconference system by the attendees' user terminals 5 until it isconfirmed that all attendees are attending. Accordingly, it is possibleto control so that a certain period of time when the spoofing crackercan access the system as described before does not occur.

In the conference system in this embodiment, even in case of thespoofing cracker, the cracker needs to confirm attendance by operatingthe attendance management terminal 2 without exception. In that case,the cracker needs to stand at a position where the attendance managementterminal 2 is located. Therefore, as shown in FIG. 23, by installing amonitoring camera 6 at a place where the attendance management terminal2 is located, it is possible to record an image of the attendees whoconfirms attendance by operating the attendance management terminal 2.

In this case, the monitoring camera 6 shoot an surrounding areaincluding the attendance management terminal 2 at the timing ofconfirming attendance. Subsequently, the conference system server 1stores the image information generated by the shooting associated withthe information on accepting a request for attendance in FIG. 5. As aresult, it is possible to find the cracker in an expeditious way. Inthis case, a module included in the conference system server 1 functionsas an image acquisition unit.

For example, if the corresponding record indicates that the attendancehas already been confirmed in S1701 in FIG. 18, the attendanceconfirmation accepting unit 104 performs the connection prohibitingoperation in S1702 and displays the image shot when the record'sattendance is confirmed on the attendance management terminal 2. As aresult, on the attendance management terminal 2, an organizer or a staffmember of the conference room checks the displayed image, and it ispossible to find the spoofing cracker.

Embodiment 2

In the embodiment 1 described above, attendees of the conference areconfirmed by using the attendance management terminal 2. In thisembodiment, it is possible to keep advanced information security byusing a more simplified conference system. In the conference system inthis embodiment, as shown in FIG. 24, the attendance management terminal2 is removed, and user terminals 5 a and 5 b are added.

The user terminal 5 a is an information processing terminal used by anattendee who registers information on the held conference on theconference system server 1. In addition, the user terminal 5 b is aninformation processing terminal that receives information required forattending the conference from the user terminal 5 a. In the belowdescription, if it is unnecessary to distinguish the user terminal 5 afrom the user terminal 5 b, the description “the user terminal 5” isused.

Here, an operation of the whole conference system in this embodiment isdescribed below with reference to a sequence diagram in FIG. 25. Asshown in FIG. 25, first, the user terminal 5 a held by an organizer ofthe conference requests the conference system server 1 to register theconference by user operation in S2501. In this case, the user terminal 5a is connected to the conference system server 1 from the outside of thesystem via the network such as the Internet etc.

In S2501, as shown in FIG. 26, the user terminal 5 a transfersinformation including “a user ID” and “a password” to the conferencesystem server 1. The user ID is an identifier that identifies attendeeswho are invited to the conference to be held. The password isidentification information for authenticating the invited attendee as aprinciple.

After accepting the request to register the conference in S2501 andaccepting the information in FIG. 26 in S2502, the conference systemserver 1 generates and stores the random table in FIG. 7 as theauthentication information required when the invited attendee receivesthe conference materials by connecting the network at the conferenceroom and “the conference ID” as the authentication information generatedbased on the random table in S2503.

It is also possible that the random table and the conference ID as theauthentication information generated based on the random table aregenerated for each of the invited attendees and stored in the conferencesystem server 1. FIG. 27 is a diagram illustrating the authenticationinformation including the conference ID generated based on the samerandom table. FIG. 28 is a diagram illustrating the authenticationinformation including the conference ID generated based on the randomtable generated for each attendee.

As shown in FIG. 27, in case of generating the conference ID based onthe same random attendee, the same conference ID is generated for allattendees. By contrast, as shown in FIG. 28, in case of generating theconference ID based on the random tables generated for each attendee,different conference IDs are generated for each of the attendees. Therandom number processor 105 stores the authentication information inFIGS. 27 and 28 in the connection authentication information DB 106.

Next, the conference system server 1 transfers the generated conferenceID to the user terminal 5 a in S2504. The user terminal 5 a stores thereceived conference ID in S2505 and distributes the conference ID to theuser terminal 5 b held by the invited attendee using e-mail etc. inS2506. After receiving the conference ID, the user terminal 5 b storesthe received conference ID in a storage area in S2507.

In S2504, in case of transferring the conference IDs different for eachattendee in FIG. 28 to the user terminal 5 a, the conference systemserver 1 can transfer the conference ID associating with informationthat identifies each user terminal 5 b.

After receiving the conference ID, the user terminal 5 performs theoperation after S2507 to connect to the conference system via the accesspoint 4 just like the steps after S310 in FIG. 3. After acquiring theconference ID, the user terminal 5 is connected to the network of theconference system using wireless communication by user operation inS310.

After the user terminal 5 establishes wireless connection with theaccess point 4, the conference system server 1 detects that in S311 andrequests the user terminal 5 to provide the authentication informationfor connecting to the conference system in S312. After the user terminal5 receives the request for the authentication information, a screen forinputting connection authentication information in FIG. 29 is displayed.

As shown in FIG. 29, in the screen for inputting connectionauthentication information displayed on the user terminal 5 in thisembodiment, an entry field for the conference ID is displayed inaddition to the entry fields for the user ID and the password. On theuser terminal 5, in addition to the user ID and the password, theconference ID is input by user operation. The information describedabove is the authentication information input based on the randomnumbers in this embodiment.

After performing the confirming operation by inputting information onthe screen for inputting connection authentication information in FIG.29, the user terminal 5 transfers the input authentication informationto the conference system server 1 in S313. FIG. 30 is a diagramillustrating the authentication information transferred by the userterminal 5 in this embodiment. As shown in FIG. 30, the user terminal 5transfers information including “a user ID”, “a password”, and “aconference ID” to the conference system server 1.

After receiving the authentication information from the user terminal 5,the conference system server 1 performs the authentication operationbased on the stored information as shown in FIG. 27 or FIG. 28 in S314.The operation same as Embodiment 1 is performed after S315, and theredundant description is omitted.

As described above, in this embodiment, when the invited attendeeconnects to the conference system via the access point 4, theauthentication information in FIG. 30 issued to the invited attendeesonly is transferred. In addition, since the authentication informationincludes the conference ID generated based on the random table issued tothe invited attendees only, it is possible to prevent from accessing theconference system improperly.

Next, a functional configuration of the conference system server 1 inthis embodiment is described below with reference to FIG. 31. As shownin FIG. 31, the conference system server 1 in this embodiment includes acontroller 100 and a network I/F 110. The controller 100 combinessoftware and hardware and functions as a controlling unit that controlsthe whole conference system server 1.

As shown in FIG. 11, the controller 100 includes a communicationcontroller 101, a random number processor 105, a connectionauthentication information DB 106, a wireless connection controller 107,and a conference registration accepting unit 108. Regarding thefunctions that perform operations just like in Embodiment 1, theredundant description is omitted.

After accepting the request to register the conference in S2501, theconference registration accepting unit 108 registers the user ID and thepassword in FIG. 26. The random number processor 105 generates therandom table in FIG. 7 and the information in FIGS. 27 and 28 andregisters the generated information in the connection authenticationinformation DB 106 in S2503 in FIG. 25.

Next, an operation of registering conference in steps S2501 to S2504 isdescribed below with reference to FIG. 32 As shown in FIG. 32, first,the conference registration accepting unit 108 acquires the request toregister the conference from the user terminal 5 a in S3201. Afterreceiving the user ID and the password in FIG. 26 from the user terminal5 a, the conference registration accepting unit 108 registers the userID and the password in the connection authentication information DB 106and instructs the random number processor 105 to generate the randomtable in S3202.

The random number processor 105 generates the conference ID based on thegenerated random table, the user ID, and the password in S3203. Aftergenerating the conference ID, the random number processor 105 stores theinformation on the random table and the information in FIG. 30 as theconnection authentication information in the connection authenticationinformation DB 106 in S3204.

After the random number processor 105 registers the information in theconnection authentication information DB 106, the conferenceregistration accepting unit 108 transfers a response of confirming theregistration of the conference including the conference ID to the userterminal 5 a in S3205, and the process ends. After receiving theconference ID, the user terminal 5 a transfers the connectionauthentication information including the conference ID to the attendeeof the conference.

Next, after receiving the conference ID, the user terminal 5 instructsto authenticate the connection to the conference system server 1performing the same connection authentication operation in steps S311 toS315 in FIG. 3. On the user terminal 5 in this embodiment, the screenfor inputting connection authentication information in FIG. 29 isdisplayed to authenticate the connection. As a result, in the conferencesystem in this embodiment, since it is required to input the conferenceID generated based on the random table into the screen for inputting theinformation on authenticating the connection on the user terminal 5, itis possible to enhance security to connect the wireless communication.

The present invention also encompasses a non-transitory recording mediumstoring a program that executes a communication control method. Thecommunication control method includes the steps of acceptingconfirmation of attendance according to an operation of an attendee toan information processing apparatus located at a conference room,generating a random number in case of accepting the confirmation ofattendance, storing connection authentication information based on therandom number in a memory, the connection authentication informationbeing used for authenticating exchange of information with a terminalheld by the attendee at the conference, transferring an output commandfor printing an image having the generated random number to an imageforming apparatus, receiving authentication information input by theterminal based on the random number via wireless communication at theconference room, and authenticating the exchange of information with theterminal based on the connection authentication information stored inthe memory.

Each of the functions of the described embodiments may be implemented byone or more processing circuits or circuitry. Processing circuitryincludes a programmed processor, as a processor includes circuitry. Aprocessing circuit also includes devices such as an application specificintegrated circuit (ASIC), DSP (digital signal processor), FPGA (fieldprogrammable gate array) and conventional circuit components arranged toperform the recited functions.

Numerous additional modifications and variations are possible in lightof the above teachings. It is therefore to be understood that, withinthe scope of the appended claims, the disclosure of this patentspecification may be practiced otherwise than as specifically describedherein.

As can be appreciated by those skilled in the computer arts, thisinvention may be implemented as convenient using a conventionalgeneral-purpose digital computer programmed according to the teachingsof the present specification. Appropriate software coding can readily beprepared by skilled programmers based on the teachings of the presentdisclosure, as will be apparent to those skilled in the software arts.The present invention may also be implemented by the preparation ofapplication-specific integrated circuits or by interconnecting anappropriate network of conventional component circuits, as will bereadily apparent to those skilled in the relevant art.

What is claimed is:
 1. A communication control system, comprising: anattendance confirmation accepting unit to accept confirmation ofattendance according to an operation of an attendee to an informationprocessing apparatus located at a conference room; a random numberprocessor to generate a random number in case of accepting theconfirmation of attendance and store connection authenticationinformation based on the random number in a storage medium, theconnection authentication information being used for authenticatingexchange of information with a terminal operated by the attendee at theconference; a print controller to transfer an output command forprinting an image having the generated random number to an image formingapparatus; and a wireless connection controller to receiveauthentication information input by the terminal based on the randomnumber via wireless communication at the conference room andauthenticate the exchange of information with the terminal based on theconnection authentication information stored in the storage medium. 2.The communication control system according to claim 1, wherein theattendance confirmation accepting unit prohibits the terminal held bythe attendee from exchanging information in case of receiving redundantconfirmation of attendance from the same attendee.
 3. The communicationcontrol system according to claim 2, wherein the attendance confirmationaccepting unit prohibits the terminal held by the attendee fromexchanging information by deleting information indicating permission toconnect that is generated through the authentication by the wirelessconnection controller.
 4. The communication control system according toclaim 2, wherein the attendance confirmation accepting unit prohibitsthe terminal held by the attendee from exchanging information bydeleting the information that the random number processor stores in thestorage medium.
 5. The communication control system according to claim1, wherein the wireless connection controller allows the terminal toexchange information in case of accepting the confirmation of attendancefor all attendees after authorizing the terminal to exchangeinformation.
 6. The communication control system according to claim 1,wherein the random number processor generates a plurality ofrandomly-generated characters arranged in matrix as the random number,and stores a part of the randomly-generated characters to be used forauthorizing the terminal to exchange information as the connectionauthentication information.
 7. The communication control systemaccording to claim 1, further comprising an image acquisition unit toacquire an image around the information processing apparatus at a timewhen the operation of the attendee to the information processingapparatus to confirm the attendance is detected, wherein the attendanceconfirmation accepting unit stores identification information foridentifying the attendee who confirms the attendance associated with theacquired image around the information processing apparatus in thestorage medium.
 8. A communication control apparatus, comprisingcircuitry to: accept confirmation of attendance according to anoperation of an attendee to an information processing apparatus locatedat a conference room, generate a random number in case of accepting theconfirmation of attendance, store connection authentication informationbased on the random number in a memory, the connection authenticationinformation being used for authenticating exchange of information with aterminal held by the attendee at the conference, transfer an outputcommand for printing an image having the generated random number to animage forming apparatus, receive authentication information input by theterminal based on the random number via wireless communication at theconference room, and authenticate the exchange of information with theterminal based on the connection authentication information stored inthe memory.
 9. A communication control method comprising: acceptingconfirmation of attendance according to an operation of an attendee toan information processing apparatus located at a conference room;generating a random number in case of accepting the confirmation ofattendance; storing connection authentication information based on therandom number in a memory, the connection authentication informationbeing used for authenticating exchange of information with a terminalheld by the attendee at the conference; transferring an output commandfor printing an image having the generated random number to an imageforming apparatus; receiving authentication information input by theterminal based on the random number via wireless communication at theconference room; and authenticating the exchange of information with theterminal based on the connection authentication information stored inthe memory.